CVE-2014-1693 — CRLF Injection in OTP
11 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 30.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 8
Latest updateMay 14
Description
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages3 packages
🔴Vulnerability Details
4GHSA▶
GHSA-q3fq-w858-v26f: Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via↗2022-05-14
OSV▶
CVE-2014-1693: Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via↗2014-12-08
CVEList▶
CVE-2014-1693: Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via↗2014-12-08